none
What kernel has been used in Windows Vista? RRS feed

  • Question

  • I always wonder whether the kernel used in Windows Vista is same as that in XP & 2003 or different? If it is different, then in what respects?
    And also, can any one tell me where (in which folder) are the files related to the kernel or the kernel itself is stored in Windows???
    Thursday, February 8, 2007 1:51 PM

Answers

  • Hi Anurag-

    Windows XP, server 2003 and Vista all use the NT kernel, however, there have been some significant changes/additions for Vista. This link (http://www.microsoft.com/whdc/system/vista/kernel-en.mspx) is to a whitepaper that gives a high level overview of those changes and provides links to more in-depth papers for reference.

    This link (http://www.microsoft.com/whdc/system/default.mspx) covers all versions of Windows from 2000 up through Vista and would be a good starting point for background reading. It also covers many of the changes to the NT kernel in Vista, but it's interspersed with info on previous versions of the OS so you'll need to do a bit of digging for the Vista stuff.

    Lastly, the kernel is contained in the files below (as specified in the book Windows Internals, 4th Ed):

    • Ntoskrnl.exe - Executive and kernel
    • Ntkrnlpa.exe (32-bit systems only) - Executive and kernel with support for Physical Address Extension (PAE), which allows addressing of up to 64 GB of physical memory
    • Hal.dll - Hardware abstraction layer
    • Win32k.sys - Kernel-mode part of the Windows subsystem
    • Ntdll.dll - Internal support functions and system service dispatch stubs to executive functions
    • Kernel32.dll, Advapi32.dll, User32.dll, Gdi32.dll - Core Windows subsystem DLLs

    I hope this answers your question.

    Brian

    Thursday, February 8, 2007 9:47 PM

All replies

  • may be in system32 and system folders, u can find them in windows folder  of ur local disk
    Thursday, February 8, 2007 7:32 PM
  • Hi Anurag-

    Windows XP, server 2003 and Vista all use the NT kernel, however, there have been some significant changes/additions for Vista. This link (http://www.microsoft.com/whdc/system/vista/kernel-en.mspx) is to a whitepaper that gives a high level overview of those changes and provides links to more in-depth papers for reference.

    This link (http://www.microsoft.com/whdc/system/default.mspx) covers all versions of Windows from 2000 up through Vista and would be a good starting point for background reading. It also covers many of the changes to the NT kernel in Vista, but it's interspersed with info on previous versions of the OS so you'll need to do a bit of digging for the Vista stuff.

    Lastly, the kernel is contained in the files below (as specified in the book Windows Internals, 4th Ed):

    • Ntoskrnl.exe - Executive and kernel
    • Ntkrnlpa.exe (32-bit systems only) - Executive and kernel with support for Physical Address Extension (PAE), which allows addressing of up to 64 GB of physical memory
    • Hal.dll - Hardware abstraction layer
    • Win32k.sys - Kernel-mode part of the Windows subsystem
    • Ntdll.dll - Internal support functions and system service dispatch stubs to executive functions
    • Kernel32.dll, Advapi32.dll, User32.dll, Gdi32.dll - Core Windows subsystem DLLs

    I hope this answers your question.

    Brian

    Thursday, February 8, 2007 9:47 PM
  • Microsoft has implemented it's own kernel for its OSs, viz. DOS/Windows based on the micro-kernel architecture.

    XP, 2003, & Vista are continuation in the Windows NT series in response to advances in the CPU technology, so the kernel is highly backward compatible with the original. In response to significant advances in the hardware, however, the kernel does include advances in functionality. Also the 64-bit variants have a 64-bit kernel that exposes identical Windows Executive API, & yet is tailor-made for the 64-bit architecture.

    The current Microsoft Platform SDK neatly documents the functionality of currently supported Microsoft OSs & is the ultimate reference.

    Friday, February 9, 2007 3:58 PM
  • A very much "thank you" for your replies Brian and Vipul. Your replies certainly proved useful to me. But one thing more I would like to ask you people.

    I've heard that the Vista kernel is closed and that most of the top Anti-virus manufacturers now cannot make a version for Vista due to this closed kernel. Why is it so?
    Sunday, February 11, 2007 7:45 AM
  • The x64 version of Windows Vista (but not the 32-bit version) includes a technology known as Kernel Patch Protection (a/k/a “KPP” or “Patchguard”), which is designed to help prevent programs like rootkits from modifying non-published data structures in the kernel in ways that would allow them to hide themselves and/or modify kernel behavior in unexpected/untested ways potentially destabilizing the system.  KPP was first introduced in March 2005 in the x64 versions of Windows Professional XP and Windows Server 2003 (SP1), so it is not really new to Windows Vista.  However, there is also legitimate software, like some antivirus and host intrusion prevention drivers, that try to modify these internal data structures in order to hook themselves into kernel control paths - and thus encounter problems due to the presence of KPP.  Microsoft is working with these vendors to establish supported mechanisms that will allow their software to run on x64 version of Windows, including Windows Vista.  By the way, the leading third party antivirus vendors should all have (by now) versions of their software available for 32-bit versions of Windows Vista, and many for x64 versions as well.  Finally,  Microsoft's own antivirus software is required to use only published interfaces and does not attempt to modify the behavior of the Windows kernel.

     

    Brian

    Wednesday, February 14, 2007 6:31 PM